Files
doc
newDesign
src
main
java
resources
scripts
tomcatconf
webapp
META-INF
WEB-INF
css
database
fonts
images
js
lessonJS
lesson_plans
English
AccessControlMatrix.html
BackDoors.html
BasicAuthentication.html
BlindSqlInjection.html
CSRF.html
ChallengeScreen.html
ClientSideFiltering.html
ClientSideValidation.html
CommandInjection.html
ConcurrencyCart.html
CrossSiteScripting.html
CsrfPromptByPass.html
CsrfTokenByPass.html
DBCrossSiteScripting.html
DBSQLInjection.html
DOMInjection.html
DOMXSS.html
DOS_Login.html
DangerousEval.html
Encoding.html
FailOpenAuthentication.html
ForcedBrowsing.html
ForgotPassword.html
HiddenFieldTampering.html
HowToWork.html
HtmlClues.html
HttpBasics.html
HttpOnly.html
HttpSplitting.html
InsecureLogin.html
JSONInjection.html
JavaScriptValidation.html
Lesson_Plan_Template.html
LogSpoofing.html
MultiLevelLogin1.html
MultiLevelLogin2.html
NewLesson.html
OffByOne.html
PasswordStrength.html
PathBasedAccessControl.html
Phishing.html
ReflectedXSS.html
RemoteAdminFlaw.html
RoleBasedAccessControl.html
SQLInjection.html
SameOriginPolicyProtection.html
SessionFixation.html
SilentTransactions.html
SoapRequest.html
SqlNumericInjection.html
SqlStringInjection.html
StoredXss.html
ThreadSafetyProblem.html
TomcatSetup.html
TraceXSS.html
UncheckedEmail.html
UsefulTools.html
WSDLScanning.html
WeakAuthenticationCookie.html
WeakSessionID.html
WelcomeScreeen.html
WsSAXInjection.html
WsSqlInjection.html
XMLInjection.html
XPATHInjection.html
German
de
en
ru
lesson_solutions
lesson_solutions_1
lessons
plugins
users
index.jsp
lesson_content.jsp
main.jsp
reportBug.jsp
sideWindow.jsp
webgoat.jsp
webgoat_challenge.jsp
.gitignore
README.txt
pom.xml
WebGoat/src/main/webapp/lesson_plans/English/TraceXSS.html
Dave a387d06a34 Refactored files to Maven standard Layout
Added plugin to produce executable jar. Now it is easy to run webgoat on all platforms.
2014-08-23 13:07:10 -04:00

9 lines
793 B
HTML

<div align="Center">
<p><b>Lesson Plan Title:</b> How to Perform Cross Site Tracing (XST) Attacks </p>
</div>
<p><b>Concept / Topic To Teach:</b> </p>
<!-- Start Instructions -->
It is always a good practice to scrub all input, especially those inputs that will later be used as parameters to OS commands, scripts, and database queries. It is particularly important for content that will be permanently stored somewhere in the application. Users should not be able to create message content that could cause another user to load an undesireable page or undesireable content when the user's message is retrieved.
<p><b>General Goal(s):</b> </p>
Tomcat is configured to support the HTTP TRACE command. Your goal is to perform a Cross Site Tracing (XST) attack.
<!-- Stop Instructions -->